SECure enables content to be signed, encrypted and compressed on the DP which clients can download – content is downloaded according to the data format (0 – original, 1 – compressed or 2 – encrypted+compressed) specified in the client policy. If you intend to use this feature, you must update all Nomad clients to 6.1 or they will fail to download encrypted content. This is because older clients only supports the original unencrypted data format.

On this page

The behavior for SECure is:

  1. There is no encryption without compression.
  2. There is no signing without compressed or encrypted data.

Enabling the SECure feature

  1. On Configuration Manager:
    1. To mark content for a compressed and encrypted download, update the Nomad settings tab:
      Marking download content for compression and encryption

      • For packages/task sequences, compression and encryption can be applied on individual packages.
      • For applications, compression and encryption applies to all applications as the option is in client settings.
    2. Click OK.
  2. On the client, peers will only respond if the format they hold matches those of the election.

To illustrate the data formats in the LSZ files:

  • Compressed data format (1)
    Compressed data format in the LSZ file
  •  Encrypted data format (2)
    Encrypted data format in the LSZ file

You can use the smsnomad command-line to set the data format for packages. For example:

smsnomad --s --pp="http://[server]/SMS_DP_SMSPKG$/PS100014" --prestage --contentid=PS100014 --ver=7 --wr=10 --pc=1 --df=1


  • --s is where we run Nomad independently of Configuration Manager
  • --pp is directory containing the source files to be downloaded
  • --prestage enables Nomad to download a package without the need to run any executable in the package
  • --contentid is the content identifier
  • --ver is the version of the package to be downloaded
  • --wr is the workrate
  • --pc is the priority for the cache
  • --df is the data format 

AOT LSZ generation

When Nomad runs on Configuration Manager, it automatically triggers the Ahead-of-time (AOT) LSZ generation. This feature reduces time the client has to wait before the LSZ is generated and downloaded from the DP. Nomad keeps a log of AOT requests to the DP in memory – it is lost if you lose or restart the service.

By default:

  • AOT works with compressed (1) and encrypted (2) data formats (SupportedDataFormats). 
  • Scanning of candidates for AOT LSZ requests are carried out every 30 minutes

The conditions for AOT are:

  • Contents must be distributed to the DPs
  • Contents must be deployed

  • Nomad keeps record of AOT requests sent to DP (AOT requests sent successfully will not be sent again. AOT requests would be resend if service bounced, content version changed or content format changed)
  • The schedule for the contents must be within the AOT time frame – the default for FutureWindowsHrs is 24 and PastWindowsHrs is 6
  • Content size should be above a threshold (default 1GB)
  • Default supported data formats (compressed and encrypted)
  • Scans to identify AOT candidates are carried out every 30 minutes
Pre-caching and software updates are not supported by AOT.